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But dont pop the champagne cork just yet... right across the world, card fraud 
is on the increase again. The card fraudsters from Romania to Richmond to 
Reno that spend their days maxing out fraudulently obtained cards on flat 
screen IVs, smartphones, high-end fashion, travel and laptops need to do 
something to relax in the evening. And they're coming to your site... 


Fraudsters love online gaming, not just in their leisure time but also in their work 
time. As for the supposed threat from money launderers using online gaming to 
cash out and launder money, well that's just a myth right? Wrong. 


In this Jumio White Paper we will share the results of conversations with ex- 
fraudsters and law enforcement officials about how fraudsters are targeting the 
online gaming industry. 


Here's Jumios insight into five ways that fraudsters are targeting your eGaming 
operation. And how you can stop them by understanding how Jumio's computer 
vision is helping companies prevent fraud whilst reducing payment friction. 





JUMIG The Fraudsters Playbook: 5 tricks that fraudsters use to target eGaming operators 


http://moneyweek.com/penny-sleuth-how-gambling-has-transformed-since-my-bookie-days-63909/ 


5 tricks that fraudsters 
use to target eGaming 
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The stacked deck 4-6 


How fraudsters engineer fraud 
in peer-to-peer gambling 


The lay-oft /-10 


How fraudsters will try to cover their 
tracks on your site when using 
fraudulently obtained card details 


The team wash 11-13 


How fraudsters will work as a co-op to 
launder their proceeds of crime through 
peer-to-peer gambling sites 


The gift wash 14-15 


How criminals fraudulently get access to 
customers online wallets to wash dodgy 
cash into clean cash 


For sale 16-18 


The log-in details for your site that 
fraudsters are currently buying on the 
dark web 


And how to stop the 19 
fraudsters coming to 
your site 
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How fraudsters engineer fraud 
in peer-to-peer gambling 


When fraudsters target peer-to-peer gambling, the 
fraudsters aren't just trying to beat the gaming site, 
they're gaming the sites customers at the same time. 


Here's a technique that we found being discussed on 

a fraudsters chat room called “The Stacked Deck” that 
fraudsters use to engineer fraud in peer-to-peer gambling 
such as poker. 





www readapokkerreview.com 


Online gaming enthusiast 
Noob browses online gaming 
review sites or operators’ 
social channels looking for 
the best chip bonuses. 


READ A POKKER REVIEW.COM 


Impressed by the social 

Interaction, Noob asks his READ A POKKER REVIEW.COM 
fellow gamblers where he 
can get the best odds. VIP signup bonus ofr codes? | 


Noob1 





JUMISG The Fraudsters Playbook: 5 tricks that fraudsters use to target eGaming operators 4 





[he stacked deck 


READ A POKKER REVIEW.COM 


Mr Helping Hand 
volunteers a great site he 
has just used where he got 
voucher codes for a load 
EIE of betting sites and gets 


Mr. 
Hey, you should try this cool site called 


mypokkerbonus.com. I’m a 
send me a PM if you want to play a few hands 


bit of a Noob too but 


ade $ chatting with Noob, and 
they arrange to meet at a 


Noob1 
Thanks will definitely check it out. lII be 
F1 free in half an hour if you want to play | table once Noob has got 


MR HELPING 
HAND 


Noob goes to the 
recommended VIP bonus 
site and upon clicking 

on the links to get latest 
bonus codes...surprise 
surprise... his device is 
being loaded with screen 
scraping malware so that 
the fraudster can see 
what Noob is doing. 





EEEE 2 





the VIP sign-up bonuses. 


Wes my pokker banus cor 


@ MYPOKKERBONUS.COM 


SIGN UP 


NOW 


FOR VIP POKER BONUSES 





Noob & Mr Helping 
Hand as arranged 


DERIER n meet at a table and 
Mr Helping Hand 

kindly takes Noob 

to the cleaners... 
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[he stacked deck 


( ( This exploit requires skills that not every fraudster 
has got...patience, technical know-how and the 
mind for the long game. Work it right and the 
gaming punter can be in your back-pocket for 
long enough to be a nice little earner. , , 


Ex-fraudster 





In this exploit the victim doesn't even know that they have been 

hit by fraud, instead putting it down to bad luck, bad cards or bad 
judgement. From the fraudster's perspective, one victim alone won't 
yield a huge return, but they can work this victim for as long as they 
like, tracking them across different sites and playing a long game 
by playing (and beating them) under different user names. 
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How fraudsters will try to cover 
their tracks on your site when using 
fraudulently obtained card details 


From a fraudster's perspective, their best work is done when 
the victim doesn't know that they have been defrauded. Here's 
a technique that fraudsters use with stolen cards to cover their 
tracks: 


www.silkroad6.com 


The fraudster goes 
shopping on fraudster 
(visa master) = 8$ - Canada (ame) Ose Auctals e chat room to prepare 


A with DOB or 81N = 15$ - EU with DOB or BIN - 30£ - spain 

h = 15$ - spain = 15$ - EU with DOB = 15$ New Zealand = v for the fraud . 
sweden (VE) =15$/1cvv Middle East = 15$/icvv if buy more h 

15$ - Singapore = 15$ - Phillppin = 15$ - Malaysia = 15$ spa 

(Amex,drs) = 4$ - US with bin dob ssn = 15$ - UK (visa) with 

6$ - Australia (amex) = 10$ - US (full info) = 20$ - UK (visa m 

Pass = 6$ - UK, AU, CA, INTER with mail, Pass = 15$ - UK 

= 15$ - holland = 15$ - Spain = 15$/1cvv - Denmark = 15$ - 

/1cw Asia = 15$/1cw if buy more than 50 cc 13/1cvv Spain - 

a So in o vith DOR b New ealang 


The fraudster buys 
payment card and 
Address: 1411 Washington Parkway Suite 98 Redwood Short identity Gara from 


www.silkroad6.com 


San Mateo CA 94002 Date of birth: 12.02.1975 


fraudster chat room. 
Name: Tim Owens Card no: 1234 5678 9100 1234 Issue: 09/ 
Exp: 08/16 Address: 39 Huntsbridge Avenue Tonbridge Kent 
TN21 OQW Date of birth: 22.03.1960 


Name: Thierry Owens Card no: 9876 5432 1000 1234 Issue 
08/13 Exp: 07/16 Address: 88 rue des Tulipes 75216 
Paris France Date of birth: 14.08.1979 
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F : 


=] | 


The fraudster uses card details 
to load €200 funds to a prepaid 
vras card. Money laundering 


regulations governing prepaid 
ENERGIES money schemes only brings 
Customer Identification Program 
or Customer Due Diligence 
— procedures into play if the 
prepaid card load is greater 
than €999. As a result the 
fraudster can use whatever 
identity details they wish in 
this part of the fraud or they 


can use the identity data they 
purchased earlier. 


The fraudster then goes on to 
TE create an account at an online 


RT s gambling site. The fraudster 


Nae can proceed with fake details 
DEPOSIT they are using or choose to use 


Card Type 


the real customer identity details 


Card Number 


they have obtained. Customer 


Badet verification is undertaken at 
different levels and at different 


times by the gambling operator 
based on where they are 
licensed, creating loopholes 
for the fraudster to exploit and 
enabling the fraudster to learn 
which sites are easier to target 
than others. 
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BET ON 81.COM 


My bets 
Arsenal v Everton 
EVERTON TO WIN €20 
3.10 at Newmarket 
PINEAU DE RE TO WIN €15 
Murray v Nadal 
NADAL TO WIN €30 
49ers v Raiders 
49ERS TO WIN €25 


The fraudster lays several bets. If they win then they are building 
funds that they can then withdraw to their prepaid card. If they 
lose then they have lost nothing but in fact have started building 
an account history with the operator, which they can use to their 
advantage at a later date. 


BET ON 81.COM 


Account summary 


PREVIOUS BALANCE €200.00 
TOTAL LOSSES & 15.20 (-) 


TOTAL WINS €195.00 (+) 


BALANCE €320.00 
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F : 


But here's the clever bit... |f they win, then the traudster cashes 
out €200, back to the prepaid card, with which they then pay 





The real card owner sees a €200 charge which was immediately 
credited back and receives an email, letter or call (from the 
fraudster of course) pretending to be the bank and card scheme 
announcing that their automated fraud detection has detected 
and caught the fraud attempt with no further action needed. 


Address: 1411 Washington Parkway Suite 98 Redwood Shori 
San Mateo CA 94002 Date of birth: 12.02.1975 


Name: Tim Owens Card no: 1234 5678 9100 1234 Issue: 09/ 
Exp: 08/16 Address: 39 Huntsbridge Avenue Tonbridge Kent 
TN21 OQW Date of birth: 22.03.1960 


Name: Thierry Owens Card no: 9876 5432 1000 1234 Issue 
08/13 Exp: 07/16 Address: 88 rue des Tulipes 75216 


VISA €200.00 


Card Number 


8180 4636 4444 7010 


Expire date 


TAKE OUT €200 
TO PAY BACK 
STOLEN CARD 


Create account 


Nami 


Card Type 


VISA €200.00 


Card Number 


8180 4636 4444 7010 


Expire date 


www.beton81.com 
BET ON 81.COM 
Account summary 
PREVIOUS BALANCE €200.00 
TOTAL LOSSES € 15.20 (-) 


TOTAL WINS €195.00 (+) 


BALANCE €320.00 





And then the cycle begins again... fraudster loads to 
prepaid card, which loads to gambling account... 
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back the original €200 to the payment card used to start the fraud. 
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How fraudsters will work as a 
co-op to launder their proceeds 
of crime through peer-to-peer 


gambling sites 


Gamblers want to be able to create a gaming account 

and cash-out in a smooth and seamless process. At the 
same time operators are mandated to put in place checks 
and balances that will detect and deter crime. Getting the 
balance right to keep customers coming back whilst keeping 
fraudsters out is a tricky balancing act. 


Here is some insight as to how fraudsters told us how they 
work together to clean their cash on online gaming sites. 
"The team wash' is how fraudsters use gaming operators as 
conduits for money laundering. 


In this fraud exploit, fraudsters 
will club together and work 

as a gang to help each other 
launder money. 


The fraudsters control bank 
accounts or other payment 
tools that are not registered 


UPLOAD TO MYPOKKER.COM 


in their own names. The 
Teese broceeds of their crime are 
channeled into this account. 


UPLOAD TO MYPOKKER.COM 
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e Is The team wash 


In Game 1 Fraudster A loses £435 
to Fraudsters B and C. 


FRAUDSTER A LOSES 
€435 to FRAUDSTERS 
z6- m 


They work as a co-op together to launder their funds at online poker tables. 


In Game 2 Fraudster B loses £410 
to Fraudsters A and C. 


FRAUDSTER B LOSES 
€410 to FRAUDSTERS 
A and C 


In Game 3 Fraudster C loses £510 
to Fraudsters A and B. 


FRAUDSTER C LOSES 
€510 to FRAUDSTERS 
A and B 
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e D edid The team wash 


( ( This is not a big cash-out exploit but more of a regular 
little earner. Most operators are actively looking out for 
signs of chip dumping so the losses & wins have to 
stay small and under the radar. J J 


Ex-fraudster 


k k My team and | would have a game plan in 
advance and be on the mobiles or on VOIP 
and tell each other when to raise or fold and 
we would make the win/loss pattern look 
convincing. We would always play from our 
normal respective locations, at the same time 
of day and using the same devices, nothing that 
would raise the alarm at the payments team. , , 


Ex-fraudster 
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How fraudsters will access other 
peoples payment tools, not to 
steal their money but to pass their 
own funds through for cleaning 


This fraud exploit is one where a lone fraudster takes 
advantage of human nature and greed to launder money 
through online wallets often used by online gaming 
customers. Here's how it works: 


! The fraudster obtains 
SILKROAD6.COM credentials to an online 
wallet (the target wallet) 


Online Wallet UserName: Timonline96 I d 

Online Wallet Password: WallletO1 via a fraudsters chat room, 
Se E EE malware attack, or Wi-Fi hack. 
Online Wallet Issuer: Mynewkash 

Security question: What was your first pet? 

Security question: A Grindylow 

Customer name: Tim Owens 





The fraudster transfers 
monies from their own 
financial instrument 
funded by the proceeds 
of crime to the target 
wallet. 
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The fraudster uses target's wallet credentials to load 
€1,000 to the target wallet. 
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FRAUDSTER BANK 
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TARGET WALLET 


The fraudster sends on €800 from target’s wallet to another 
financial instrument they control and own in another name. 

In this new financial instrument the fraudster’s money is clean 
and unassociated with the proceeds of crime. 
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TARGET WALLET 


The fraudster leaves €200 in the “victims” wallet so that the victim 
sees it as a mistake or accounting error and has an incentive not to 
report the surplus €200 they find sitting in their account. 
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sak] For sale 





The tutorials, gaming site logins, 
and data that is currently for sale 
on the dark web 


As part of our research with (ex) convicted fraudsters, we 
were given a brief glimpse behind the curtain, a quick tour 
of the dark web. Here's our insight into the sale of tutorials 
on how to target gaming sites, gaming site logins, and 
easy access to payment instruments. 


since the Silk Road was shut in 2013 by the FBI and UK's National Crime 
Agency, subsequent generations of it have re-spawned. In fact as of April 
2014, the fraudsters are now trading on version six of the Silk Road, in itself 
an indication that each version of the Silk Road has a limited shelf life and 
is abandoned by the fraudster community before law enforcement catch-up 
and begin surveillance. 





Of note here is the name of the site "silkroad6ownowfk.onion" showing 
that there are now multiple generations of silk roads. The tools available to 
fraudsters targeting the gaming industry include logins to bank accounts, 
prepaid cards and money transfer services. 


wwWw,.silkroade&ownowfk.onion.com 


SILKROADG 


ae rà F 1 £100 ONLINE TESCO VOUCHERS 


v rann 1 al BCARD vendor original 0.093818 
Books IDX M ships from United Kingdom add to cart 
aret — 31 PLEASE BEAD ships to Worldwide 

Custom orders 2 7 

Digital goods 77 ANONYMOUS VISA IBAN CARD | GBP USD EUR 


Drug era ph isi 167 
sant i vendor lama 0.044190 
Electronics 47 T | ei from Poland add to cart 
Eratica 115 l ships to Worldwide 
Forgerias 115 
edad “nes DOUBLE OR NOTHING. Best Odds Lottery 
Herbs & Suppliments 2 " - 
cus the Road Retu 
Jewelry 127 — vei (50.002329 
Lab supplies 25 add to cart 
L L ships from Finland 
atteries and games 2 : 
Medical 8 ships to Worldwide 


Money 359 

Pig 1B Mr. Nice's Mega Lottery | 14 Grams | UK only 

Services 193 vendor Mr. Nice 

Writing 42 $c = Ves Ell ships from United Kingdom 80.023484 

"T ships to Wordwide add to cart 
© KEN 500-1000 £ ?GAINM RISK FREE FREEBET 

100% WORKING 
vendor Mr. Mice 80.0230 544 
ships from Undeclared add to cart 
ships ta Worldwide 
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Here's a sample screen shot from the Silk Road 6... 


www.silkroad6ownowfk.onion.com 


SILKROADG 





mee £100 ONLINE TESCO VOUCHERS 
vendor origina 


Jra: 500-1000 £ ?2GAIN RISK FREE FREEBET 










2 1009; WORKING 
© "i " vendor Mr. Nice B0.0230544 
3 > 9 ships from Undeclared add to cart 


ships to Worldwide 





SAATA 500-1000 £ ?GAIN RISK FREE FREEBET 
s 100% WORKING 


at 
C wendor Mr. Nioe 
— = uus hom Unetecteres 
1 2 3 
araa Io WU anh 


IBo.0230544 
add bz: cari 


Of particular interest though is the 
tutorial on how to defraud one 


of the UK's largest betting sites. www.silkroadéownowfr.onion.com 
We have edited the text and the SILKROADG 
imagery as it's not fair to expose 
i MUS oni WELCOME 2 
one site alone when nearly all the vou — E O G A 


: £25 FREE BET 
large sites have been probed, 


analyzed and exploits produced E 
and sold to the highest bidder. ot tne 


500-1000 £ 7GAIN RISK FREE GN *2013** 100 % WORKING 
$0.0227432 


In this tutorial, the vendor offers: gael el 
e A method for exploiting the ait — 
site's free sign-up bonus 


e A method as to how to 
"bypass the KYC stuff" 


Further contact with the vendor 
working this particular operator » " 
reveals that the tutorial is in fact how tO e) ers sts the KYC stuff 
a conduit to the real product on 
sale, access to live accounts with 
live balances. The accounts are 
established accounts that have a 
transactional history. The starting 
rate to buy access to an account is 
€10, with higher funds charged for 
more established accounts with a 
higher balance. 
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( ( | didn't specialise in one particular operator. 
What you find is that at times, it's hard to 
open accounts with some operators but a few 
months later, as they tweak their policies or 


have a push to open new accounts they can 
be weaker. Word then gets out that EE is 
weaker or that Wf has closed their loopholes. 19 


Ex-fraudster 





The laws of supply and demand are also at work here. 
Sometimes the fraudster will have scores of accounts opened 
and in which case he or she sells most of them on. When they 
do not have a surfeit of open accounts, they work them for their 
own profit. 


JUMIO The Fraudsters Playbook: 5 tricks that fraudsters use to target eGaming operators 18 


How does Jumio tackle the 
fraud challenge? 


What if there was a new way of making the deposit process on gaming websites 
more difficult for fraudsters? 


And at the same time help increase revenue by tackling the problem of transaction 
abandonment? 


At Jumio, we specialize in computer vision, which is another way of saying that we 
think it's old fashioned to key in payment and personal data when we can be getting 
our (increasingly clever) devices to do the work for us by utilizing a webcam or a 
mobile device camera. 


Here's a couple of examples of how Jumio's computer vision is helping companies 
prevent fraud whilst reducing payment friction: 













How to make a card-not-present transaction more present 





Mobile Payment Entry Time (seconds) 


Cardholder AE... oites using Jumio's Netswipe offer 

| their customer the option to deposit 
by scanning their card with their 
device camera or webcam. 





DETSWIPE" Key Entry 


BY IUMIO 





- =œ 
di O 


Jumio customers 
enjoy an average 


18-33^ 


transaction conversion 
increase 


DEPOSIT NOW 


1234 5678 12 


Jumio scans card number, expiry date, 
customer name (and sort code and 
account number if needed) and sends 
it directly into the payment process. 


Zi oe Cho e E sk O e o Roo D o D oen e£5eg 5a 
ao Susi os x d Bos M Iw SK OO H 


= C 
OEE S- E'S IC os @& 
—~o/-"OoO-0+-0- 0 


Fraud-related Chargebacks (%) 


1| CASHIER 


: ;| DEPOSIT SUCCESSFUL 


ps 


aoa rmm ———m——m—— Isle m 


Customer evidences that they have 
the physical card and flies through 
deposit and transaction is complete. | nerswiPE" Key Enty 


ZG e i sè D œG «B +6688 G= B KG oe G œ 
[2 1 5 +s B80 0 + 90+ OD OD 38+ O + ØO — 
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How to validate customer age 
and identity at account creation 
or pay-out as if they are standing 
right there in front of you 


«CALIFORNIA Swemucpee 
= - 2234588 | 
| TOM eise Sites using Jumio prompt customers to use 
S ane the webcam or mobile device to scan their 


driving license, passport or other photo ID. 





XX» 4 RN 


PET 


Jumio validates customer ID document 
and checks a range of security features. 


[L| 
NA y” Forgery check 
-— 


Q Hologram check 
v/ Microprint check 
v" MRZ code check Jumio captures an image of the customer 


via webcam or device camera and Jumio 
completes a Face Match to check that the 
face in the ID document is the same as the 
face behind the account creation or pay-out 


vi Face detection 
Image normalizati 
Facial comparision 
Face match confidence rating 


Underage customers and fraudsters drop 
out and move onto less well protected sites. 
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To hear more about how fraudsters 
are targeting your business and how 
Jumio can help prevent fraud and 
decrease payment friction. 


email: fraudplaybookQjumio.com 
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